www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T18:30:12+00:00 www.secnews.physaphae.fr
CVE Liste - Common Vulnerability Exposure CVE-2023-5719 The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability. 2023-11-06T20:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5719 www.secnews.physaphae.fr/article.php?IdArticle=8406852 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-42670 A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users.
This flaw allows an attacker to disrupt AD DC services. 2023-11-03T08:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42670 www.secnews.physaphae.fr/article.php?IdArticle=8405238 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46093 2023-10-27T08:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46093 www.secnews.physaphae.fr/article.php?IdArticle=8401374 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-34058 VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . 2023-10-27T05:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34058 www.secnews.physaphae.fr/article.php?IdArticle=8401369 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-34057 VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. 2023-10-27T05:15:38+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34057 www.secnews.physaphae.fr/article.php?IdArticle=8401368 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46122 sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of an arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`.
Within sbt's main code, `IO.unzip` is used in the `pullRemoteCache` task and `Resolvers.remote`; however, many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7. 2023-10-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46122 www.secnews.physaphae.fr/article.php?IdArticle=8399413 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46117 reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on its own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-10-20T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46117 www.secnews.physaphae.fr/article.php?IdArticle=8398388 False Tool,Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5654 The React Developer Tools extension registers a message listener with window.addEventListener('message', ) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch().
The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URLs via the victim's browser. 2023-10-19T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5654 www.secnews.physaphae.fr/article.php?IdArticle=8397799 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-36720 Windows Mixed Reality Developer Tools Denial of Service Vulnerability 2023-10-10T18:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36720 www.secnews.physaphae.fr/article.php?IdArticle=8394031 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-42445 Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities. 2023-10-06T14:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42445 www.secnews.physaphae.fr/article.php?IdArticle=8392305 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-44387 Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file.
This leads to files having too many permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file. 2023-10-05T18:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44387 www.secnews.physaphae.fr/article.php?IdArticle=8391991 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43805 Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF. 2023-10-04T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43805 www.secnews.physaphae.fr/article.php?IdArticle=8391645 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43890 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page.
This vulnerability is exploited via a crafted HTTP request. 2023-10-02T20:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43890 www.secnews.physaphae.fr/article.php?IdArticle=8390682 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-44245 2023-10-02T10:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44245 www.secnews.physaphae.fr/article.php?IdArticle=8390480 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43654 TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue. 2023-09-28T23:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43654 www.secnews.physaphae.fr/article.php?IdArticle=8389278 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-43044 IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
IBM X-Force ID: 266893. 2023-09-28T18:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43044 www.secnews.physaphae.fr/article.php?IdArticle=8389208 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-41886 OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue. 2023-09-15T21:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41886 www.secnews.physaphae.fr/article.php?IdArticle=8384347 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-41887 OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue. 2023-09-15T21:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41887 www.secnews.physaphae.fr/article.php?IdArticle=8384348 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-41162 A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down. 2023-09-13T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41162 www.secnews.physaphae.fr/article.php?IdArticle=8382490 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-38829 An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. 2023-09-11T19:15:42+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38829
www.secnews.physaphae.fr/article.php?IdArticle=8381505 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-41327 WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance. For example, if someone is running the WireMock docker Container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secure ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations. 2023-09-06T21:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41327 www.secnews.physaphae.fr/article.php?IdArticle=8379855 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-41329 WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to DNS rebinding attacks. A similar patch was applied in WireMock 3.0.0-beta-15 for the WireMock Webhook Extensions.
The root cause of the attack is a defect in the logic which allows for a race condition triggered by a DNS server whose address expires in between the initial validation and the outbound network request that might go to a domain that was supposed to be prohibited. Control over a DNS service is required to exploit this attack, so it has high execution complexity and limited impact. This issue has been addressed in version 2.35.1 of wiremock-jre8 and wiremock-jre8-standalone, version 3.0.3 of wiremock and wiremock-standalone, version 2.6.1 of the python version of wiremock, and versions 2.35.1-1 and 3.0.3-1 of the wiremock/wiremock Docker container. Users are advised to upgrade. Users unable to upgrade should either configure firewall rules to define the list of permitted destinations or configure WireMock to use IP addresses instead of the domain names. 2023-09-06T21:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41329 www.secnews.physaphae.fr/article.php?IdArticle=8379856 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39967 WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234” are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix.
Users are advised to find alternatives. 2023-09-06T21:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39967 www.secnews.physaphae.fr/article.php?IdArticle=8379851 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-41057 hyper-bump-it is a command line tool for updating the version in project files. `hyper-bump-it` reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched files should be contained within the project root directory, but that is not checked. This could result in changes being written to files outside of the project. The default behaviour of `hyper-bump-it` is to display the planned changes and prompt the user for confirmation before editing any files. However, the configuration file provides a field that can be used to cause files to be edited without displaying the prompt. This issue has been fixed in release version 0.5.1. Users are advised to upgrade. For users that are unable to update from vulnerable versions, executing `hyper-bump-it` with the `--interactive` command line argument will ensure that all planned changes are displayed and prompt the user for confirmation before editing any files, even if the configuration file contains `show_confirm_prompt=true`. 2023-09-04T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41057 www.secnews.physaphae.fr/article.php?IdArticle=8378892 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-20900 VMware Tools contains a SAML token signature bypass vulnerability.
A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations. 2023-08-31T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20900 www.secnews.physaphae.fr/article.php?IdArticle=8377180 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-41163 A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down. 2023-08-30T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41163 www.secnews.physaphae.fr/article.php?IdArticle=8376980 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40583 libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e. the attacker could bring down nodes over a period of time (how long depends on the node resources i.e. a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4. 2023-08-25T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40583 www.secnews.physaphae.fr/article.php?IdArticle=8374688 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40571 weblogic-framework is a tool for detecting weblogic vulnerabilities.
Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue. 2023-08-25T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40571 www.secnews.physaphae.fr/article.php?IdArticle=8374685 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-32678 Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3. 2023-08-25T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32678 www.secnews.physaphae.fr/article.php?IdArticle=8374671 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40025 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired.
The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1. 2023-08-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40025 www.secnews.physaphae.fr/article.php?IdArticle=8373842 False Tool,Vulnerability Uber None
CVE Liste - Common Vulnerability Exposure CVE-2023-4373 Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. 2023-08-21T19:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4373 www.secnews.physaphae.fr/article.php?IdArticle=8372873 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40165 rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching `/-\d/`, permanently replacing the legitimate upload in the canonical gem storage bucket, and triggering an immediate CDN purge so that the malicious gem would be served immediately. The maintainers have checked all gems matching the `/-\d/` pattern and can confirm that no unexpected `.gem`s were found. As a result, we believe this vulnerability was _not_ exploited. The easiest way to ensure that a user's applications were not exploited by this vulnerability is to check that all of your downloaded .gems have a checksum that matches the checksum recorded in the RubyGems.org database.
RubyGems contributor Maciej Mensfeld wrote a tool to automatically check that all downloaded .gem files match the checksums recorded in the RubyGems.org database. You can use it by running: `bundle add bundler-integrity` followed by `bundle exec bundler-integrity`. Neither this tool nor anything else can prove you were not exploited, but they can assist your investigation by quickly comparing RubyGems API-provided checksums with the checksums of files on your disk. The issue has been patched with improved input validation and the changes are live. No action is required on the part of the user. Users are advised to validate their local gems. 2023-08-17T18:15:17+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40165 www.secnews.physaphae.fr/article.php?IdArticle=8371425 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39250 Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. 2023-08-16T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39250 www.secnews.physaphae.fr/article.php?IdArticle=8370870 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39950 efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv` or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results.
Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them. 2023-08-14T21:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39950 www.secnews.physaphae.fr/article.php?IdArticle=8370181 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-31246 Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-08-11T03:15:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31246 www.secnews.physaphae.fr/article.php?IdArticle=8368779 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28938 Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local access. 2023-08-11T03:15:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28938 www.secnews.physaphae.fr/article.php?IdArticle=8368773 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28736 Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. 2023-08-11T03:15:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28736 www.secnews.physaphae.fr/article.php?IdArticle=8368771 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-25944 Uncontrolled search path element
in some Intel(R) VCUST Tool software downloaded before February 3rd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-08-11T03:15:19+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25944 www.secnews.physaphae.fr/article.php?IdArticle=8368756 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2022-48580 A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. 2023-08-09T18:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48580 www.secnews.physaphae.fr/article.php?IdArticle=8368034 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-36903 Windows System Assessment Tool Elevation of Privilege Vulnerability 2023-08-08T18:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36903 www.secnews.physaphae.fr/article.php?IdArticle=8367533 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-36897 Visual Studio Tools for Office Runtime Spoofing Vulnerability 2023-08-08T18:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36897 www.secnews.physaphae.fr/article.php?IdArticle=8367529 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4203 Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. 2023-08-08T11:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4203 www.secnews.physaphae.fr/article.php?IdArticle=8367274 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-3348 2023-08-03T15:15:30+00:00
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3348 www.secnews.physaphae.fr/article.php?IdArticle=8365318 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-37895 Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI. Users are advised to immediately u 2023-07-25T15:15:13+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37895 www.secnews.physaphae.fr/article.php?IdArticle=8361326 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-28865 An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. 2023-07-24T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28865 www.secnews.physaphae.fr/article.php?IdArticle=8360833 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2022-28863 An issue was discovered in Nokia NetAct 22.
A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. 2023-07-24T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28863 www.secnews.physaphae.fr/article.php?IdArticle=8360831 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-36339 An access control issue in WebBoss.io CMS v3.7.0 allows attackers to access the Website Backup Tool via a crafted GET request. 2023-07-21T20:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36339 www.secnews.physaphae.fr/article.php?IdArticle=8359909 False Tool None None
CVE Liste - Common Vulnerability Exposure CVE-2023-22055 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).]]> 2023-07-18T21:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22055 www.secnews.physaphae.fr/article.php?IdArticle=8358552 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-37476 OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.]]> 2023-07-17T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37476 www.secnews.physaphae.fr/article.php?IdArticle=8358013 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-30989 IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017.]]> 2023-07-16T23:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30989 www.secnews.physaphae.fr/article.php?IdArticle=8357514 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-37271 RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. 
Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. All RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk. In terms of Zope and Plone, this would mean deployments where the administrator allows untrusted users to create and/or edit objects of type `Script (Python)`, `DTML Method`, `DTML Document` or `Zope Page Template`. This is a non-default configuration and likely to be extremely rare. The problem has been fixed in versions 6.1 and 5.3.]]> 2023-07-11T18:15:20+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37271 www.secnews.physaphae.fr/article.php?IdArticle=8354780 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-35872 The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application.]]> 2023-07-11T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35872 www.secnews.physaphae.fr/article.php?IdArticle=8354358 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-35934 yt-dlp is a command-line program to download videos from video sites. 
During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later). At the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp's info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped. yt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders' built-in support for cookies instead of passing them as header arguments, disabling HTTP redirection if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping. Some workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternativel]]> 2023-07-06T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35934 www.secnews.physaphae.fr/article.php?IdArticle=8353172 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-36830 SQLFluff is a SQL linter. 
Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users who use SQLFluff in the context of an environment where all users already have fairly escalated privileges, this may not be an issue - however in larger user bases, or where SQLFluff is bundled into another tool where developers still wish to give users access to supply their own rule configuration, this may be an issue. The 2.1.2 release offers the ability for the `library_path` argument to be overwritten on the command line by using the `--library-path` option. This overrides any values provided in the config files and effectively prevents this route of attack for users who have access to the config file, but not to the scripts which call the SQLFluff CLI directly. A similar option is provided for the Python API, where users also have a greater ability to further customise or override configuration as necessary. Unless `library_path` is explicitly required, SQLFluff maintainers recommend using the option `--library-path none` when invoking SQLFluff which will disable the `library-path` option entirely regardless of the options set in the configuration file or via inline config directives. As a workaround, limiting access to, or otherwise validating, configuration files before they are ingested by SQLFluff provides a similar effect and does not require an upgrade.]]> 2023-07-06T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36830 www.secnews.physaphae.fr/article.php?IdArticle=8353107 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-24519 Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. 
A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the ping tool utility.]]> 2023-07-06T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24519 www.secnews.physaphae.fr/article.php?IdArticle=8353000 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-24520 Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the trace tool utility.]]> 2023-07-06T15:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24520 www.secnews.physaphae.fr/article.php?IdArticle=8353001 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-35936 Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system, depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option. The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. 
Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option.]]> 2023-07-05T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35936 www.secnews.physaphae.fr/article.php?IdArticle=8352661 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3395 All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.]]> 2023-07-03T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3395 www.secnews.physaphae.fr/article.php?IdArticle=8351929 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-35946 Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. 
A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.]]> 2023-06-30T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35946 www.secnews.physaphae.fr/article.php?IdArticle=8351153 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-35947 Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle ]]> 2023-06-30T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35947 www.secnews.physaphae.fr/article.php?IdArticle=8351154 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-36474 Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e. `app.` Interactsh server used to create CNAME entries for `app` pointing to `projectdiscovery.github.io` as default, which was intended to be used for hosting interactsh web client using GitHub pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still have a CNAME entry pointing to GitHub pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user's browser when browsing the vulnerable subdomain. 
Version 1.0.0 fixes this issue by making CNAME optional, rather than default.]]> 2023-06-28T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36474 www.secnews.physaphae.fr/article.php?IdArticle=8350442 False Tool,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-35164 DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.]]> 2023-06-26T22:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35164 www.secnews.physaphae.fr/article.php?IdArticle=8349565 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-35168 DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase have a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords, username, email, and phone number. The vulnerability has been fixed in v1.18.8. Users are advised to upgrade. There are no known workarounds for the vulnerability.]]> 2023-06-26T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35168 www.secnews.physaphae.fr/article.php?IdArticle=8349512 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-34463 DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.]]> 2023-06-26T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34463 www.secnews.physaphae.fr/article.php?IdArticle=8349510 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-25188 An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.]]> 2023-06-16T19:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25188 www.secnews.physaphae.fr/article.php?IdArticle=8346309 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-25186 An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. 
If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network.]]> 2023-06-16T19:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25186 www.secnews.physaphae.fr/article.php?IdArticle=8346308 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-28303 Windows Snipping Tool Information Disclosure Vulnerability]]> 2023-06-13T17:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28303 www.secnews.physaphae.fr/article.php?IdArticle=8344928 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-32115 An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.]]> 2023-06-13T03:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32115 www.secnews.physaphae.fr/article.php?IdArticle=8344663 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-33959 notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.]]> 2023-06-06T19:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33959 www.secnews.physaphae.fr/article.php?IdArticle=8342724 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-33958 notation is a CLI tool to sign and verify OCI artifacts and container images. 
An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.]]> 2023-06-06T19:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33958 www.secnews.physaphae.fr/article.php?IdArticle=8342723 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-33957 notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. 
Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.]]> 2023-06-06T19:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33957 www.secnews.physaphae.fr/article.php?IdArticle=8342722 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2022-4569 A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.]]> 2023-06-05T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4569 www.secnews.physaphae.fr/article.php?IdArticle=8342317 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-35743 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability]]> 2023-05-31T19:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35743 www.secnews.physaphae.fr/article.php?IdArticle=8340996 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33967 EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0.]]> 2023-05-31T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33967 www.secnews.physaphae.fr/article.php?IdArticle=8341018 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-33186 Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. 
An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.]]> 2023-05-30T06:16:36+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33186 www.secnews.physaphae.fr/article.php?IdArticle=8340470 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33198 tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.]]> 2023-05-30T05:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33198 www.secnews.physaphae.fr/article.php?IdArticle=8340474 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-32072 Tuleap is an open source tool for end to end traceability of application and system developments. In Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git administrator can set up a malicious Jenkins hook to make a victim, also a Git administrator, execute uncontrolled code. 
Tuleap Community Edition 14.8.99.60, Tuleap Enterprise Edition 14.8-3, and Tuleap Enterprise Edition 14.7-7 contain a patch for this issue.]]> 2023-05-29T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32072 www.secnews.physaphae.fr/article.php?IdArticle=8340355 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-28623 Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside from `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and 2: the organization permissions don't require invitations to join, an attacker can create a new account in the organization with an arbitrary email address in their control that's not in the organization's LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue.]]> 2023-05-19T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28623 www.secnews.physaphae.fr/article.php?IdArticle=8338000 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-32677 Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. 
In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams.]]> 2023-05-19T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32677 www.secnews.physaphae.fr/article.php?IdArticle=8337988 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-31135 2023-05-17T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31135 www.secnews.physaphae.fr/article.php?IdArticle=8337452 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2022-41610 Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access.]]> 2023-05-10T14:15:16+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41610 www.secnews.physaphae.fr/article.php?IdArticle=8335318 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2022-40971 Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.]]> 2023-05-10T14:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40971 www.secnews.physaphae.fr/article.php?IdArticle=8335315 False Tool None None CVE Liste - Common Vulnerability Exposure 
CVE-2022-21162 Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.]]> 2023-05-10T14:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21162 www.secnews.physaphae.fr/article.php?IdArticle=8335284 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-31143 mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.]]> 2023-05-09T15:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31143 www.secnews.physaphae.fr/article.php?IdArticle=8334870 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-28764 SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. 
This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.]]> 2023-05-09T01:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28764 www.secnews.physaphae.fr/article.php?IdArticle=8334685 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-30328 An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use.]]> 2023-05-04T21:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30328 www.secnews.physaphae.fr/article.php?IdArticle=8333632 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-30619 Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force a victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.]]> 2023-05-04T14:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30619 www.secnews.physaphae.fr/article.php?IdArticle=8333521 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-30853 Gradle Build Action allows users to execute a Gradle Bui]]> 2023-04-28T16:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30853 www.secnews.physaphae.fr/article.php?IdArticle=8331968 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-26059 An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. 
The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.]]> 2023-04-24T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26059 www.secnews.physaphae.fr/article.php?IdArticle=8330746 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-25510 NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.]]> 2023-04-22T03:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25510 www.secnews.physaphae.fr/article.php?IdArticle=8330161 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-23938 Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tracker administration rights could use this vulnerability to force a victim to execute uncontrolled code in the context of their browser. This issue has been addressed in Tuleap Community Edition version 14.5.99.4. Users are advised to upgrade. 
There are no known workarounds for this issue.]]> 2023-04-20T17:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23938 www.secnews.physaphae.fr/article.php?IdArticle=8329754 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-30474 2023-04-16T08:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30474 www.secnews.physaphae.fr/article.php?IdArticle=8328386 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-25955 National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.]]> 2023-04-11T09:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25955 www.secnews.physaphae.fr/article.php?IdArticle=8326582 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-29000 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available.]]> 2023-04-04T13:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29000 www.secnews.physaphae.fr/article.php?IdArticle=8324724 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-28997 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. 
No known workarounds are available.]]> 2023-04-04T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28997 www.secnews.physaphae.fr/article.php?IdArticle=8324721 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-28998 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.]]> 2023-04-04T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28998 www.secnews.physaphae.fr/article.php?IdArticle=8324722 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2022-4899 A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause a buffer overrun.]]> 2023-03-31T20:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4899 www.secnews.physaphae.fr/article.php?IdArticle=8323888 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-30350 Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. 
As a result, for example, redacted text may be copy-pasted by a PDF reader.]]> 2023-03-30T16:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30350 www.secnews.physaphae.fr/article.php?IdArticle=8323546 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-25809 runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain write access to the user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host. Other users' cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private`), which is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts, or add `/sys/fs/cgroup` to `maskedPaths`.]]> 2023-03-29T19:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25809 www.secnews.physaphae.fr/article.php?IdArticle=8323234 False Tool None None CVE Liste - Common Vulnerability Exposure CVE-2023-28642 runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. Users are advised to upgrade. 
Users unable to upgrade should avoid using an untrusted container image.]]> 2023-03-29T19:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28642 www.secnews.physaphae.fr/article.php?IdArticle=8323237 False Tool None None